The team has established the Web Privacy Census, a process for surveying top websites each quarter to evaluate the amount and kind of monitoring under way. The goal is to create benchmarks to accurately evaluate the shifting methods of Internet marketers, ideally enabling a better informed debate over privacy policy.

The census primarily serves as a baseline for comparison with future surveys. But even on its own, the report highlights the almost dizzying amount of online tracking that occurs.

Internet marketers frequently place tracking cookies and similar software onto consumers' computers to observe their online behavior for the purpose of targeting ads and content.

An analysis of the 100 most popular websites in May, which included clicking on up to six random links per site, detected cookies on all of them. Twenty-one sites placed 100 or more cookies onto users' computers, while six dropped more than 150. And 84 percent of those cookies were placed by third parties.

Here's what that means: If you visit a single popular site, companies you've never interacted with, whose names you don't know, are putting dozens of pieces of software onto your computer. If that strikes you as invasive and presumptuous, that's only because it is.

Increasingly pervasive tracking, along with a series of recent privacy flaps, have raised critical questions about the appropriate ground rules for the digital age. Regulators, legislators, advocates and technologists have been hotly debating the topic in Washington, Brussels and elsewhere.

Pushing changes

President Obama called for a Consumer Privacy Bill of Rights. The Federal Trade Commission proposed a new privacy framework. And industry groups continue to argue that voluntary regulation is wholly adequate - despite the long list of counterexamples like the Path app sucking up iPhone address books, Google Buzz revealing consumers' regular e-mail correspondents and Apple storing a year's worth of iPhone owners' daily locations.

But it's difficult for officials to create smart privacy policy and evaluate the success of mandatory or voluntary rules without hard data on how tracking changes, said Chris Hoofnagle, director of the information privacy programs at the Berkeley Center for Law & Technology.

"We want to provide a longitudinal and empirical basis for the description of privacy problems online," he said. "So as the FTC and Department of Commerce adopt approaches, we can say something about whether tracking is increasing or decreasing or shifting to other technologies."

Privacy researchers have been calling for an ongoing tracking study since at least 1995, in part to gather a pool of data that can evaluate whether self-regulation really works. The strong sense is that when industry members agree to stop one practice, they simply start another.

In fact, this becomes apparent in the first Web Privacy Census report. Several years ago, a tracking tool known as a Flash cookie became a popular option for companies, because it could regenerate itself even after users had deliberately erased their cookies. In other words, they became popular because they allowed companies to continue monitoring consumers despite clearly stated preferences to the contrary.

After researchers caught companies red-handed using Flash cookies in this manner, several publicly agreed to stop. And indeed, the number of Flash cookies on the top 100 sites has dropped by 75 percent, based on the Web Privacy Census and an unrelated but comparable study in 2011.

But in that same time period, the use of what's known as HTML5 local storage, a technology with similar regenerative abilities, doubled. To be sure, HTML5 local storage isn't always deployed in this manner, but it potentially could be even more invasive, Hoofnagle said.

HTML5 is the emerging standard for Web development, so it will become increasingly difficult to block these tracking mechanisms without blocking content altogether.

As Hoofnagle said in a previous interview, the point was never that Flash was bad - the point was that pervasive tracking is bad.

There have been a number of spot-check studies of online tracking in the past few years, and at least one multiyear survey. But it seems the Web Privacy Census is the first evaluation specifically set up to run in perpetuity.

Spotting cookies

The benchmark was created in partnership with Abine, a company that creates privacy extensions for Web browsers. They performed "crawls" of the 100, 1,000 and 25,000 most popular sites online, using a test browser to spot cookies and other tracking tools.

"It really is an arms race, there's a huge amount of investment in the online ad industry, so this was a way we could even the balance a bit," said Andrew Sudbury, chief technology officer at Abine.

The real value of the study will emerge in time, as the regular surveys enable the team, other researchers and public officials to decipher isolated tracking events from true trends, said Nathan Good, chief scientist at Good Research in Berkeley, who analyzed the data for the study. The researchers plan to make the data freely available.

"Getting consistent data over time allows people to make better inferences and better decisions," Good said.

Latest from the SFGATE homepage:

Click below for the top news from around the Bay Area and beyond. Sign up for our newsletters to be the first to learn about breaking news and more. Go to 'Sign In' and 'Manage Profile' at the top of the page.